Publically joinable Groups (#697)

* Add public field to AuthGroup * Add permission for users to join non-public groups By default this permission will be applied to the "Member" group to maintain the current behaviour. * Allow users to join public groups Users without the 'groupmanagement.request_groups' permission will be able to join groups marked as public but will not be able to see or join any other groups. * Prevent None state change from purging groups Currently when a user drops from Blue or Member state all groups and permissions are discarded. This softens that approach by not removing public groups and creates a distinction between the two activities. An argument could maybe be made for not removing permissions on a state change, but that is beyond the scope of this change. * Correct syntax for removing filtered groups * Add unit tests for disable user and member * Update services signals tests * Correct mocking call * Remove permissions checking from menu item
2026-02-08 16:16:18 +01:00 · 2017-02-12 13:03:39 +10:00
parent b636262e0c
commit 918ecf812c
12 changed files with 244 additions and 56 deletions
--- a/groupmanagement/migrations/0005_authgroup_public.py
+++ b/groupmanagement/migrations/0005_authgroup_public.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10.5 on 2017-02-04 06:11
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('groupmanagement', '0004_authgroup'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='authgroup',
+            name='public',
+            field=models.BooleanField(default=False, help_text='Group is public. Any registered user is able to join this group, with visibility based on the other options set for this group.<br> Auth will not remove users from this group automatically when they are no longer authenticated.'),
+        ),
+    ]
--- a/groupmanagement/migrations/0006_request_groups_perm.py
+++ b/groupmanagement/migrations/0006_request_groups_perm.py
@@ -0,0 +1,44 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10.5 on 2017-02-04 07:17
+from __future__ import unicode_literals
+
+from django.db import migrations
+from django.conf import settings
+from django.core.exceptions import ObjectDoesNotExist
+from django.contrib.auth.management import create_permissions
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+def add_default_member_permission(apps, schema_editor):
+    for app_config in apps.get_app_configs():
+        app_config.models_module = True
+        create_permissions(app_config, apps=apps, verbosity=0)
+        app_config.models_module = None
+
+    Group = apps.get_model("auth", "Group")
+    Permission = apps.get_model("auth", "Permission")
+
+    try:
+        perm = Permission.objects.get(codename='request_groups', name='Can request non-public groups')
+        group = Group.objects.get(name=getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member'))
+        group.permissions.add(perm)
+    except ObjectDoesNotExist:
+        logger.warning('Failed to add default request_groups permission to Member group')
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('groupmanagement', '0005_authgroup_public'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='authgroup',
+            options={'permissions': (('request_groups', 'Can request non-public groups'),)},
+        ),
+        migrations.RunPython(add_default_member_permission),
+    ]
--- a/groupmanagement/models.py
+++ b/groupmanagement/models.py
@@ -32,6 +32,10 @@ class AuthGroup(models.Model):
    Internal - not requestable by users, at all. Covers Corp_, Alliance_, Members etc groups.
    Groups are internal by default

+    Public - Other options are respected, but any user will be able to become and remain a member, even if they
+    have no API etc entered. Auth will not manage these groups automatically so user removal is up to
+    group managers/leaders.
+
    Not Internal and:
        Hidden - users cannot view, can request if they have the direct link.
        Not Hidden - Users can view and request the group
@@ -49,6 +53,11 @@ class AuthGroup(models.Model):
    open = models.BooleanField(default=False,
                               help_text="Group is open and users will be automatically added upon request. <br>"
                                         "If the group is not open users will need their request manually approved.")
+    public = models.BooleanField(default=False,
+                                 help_text="Group is public. Any registered user is able to join this group, with "
+                                           "visibility based on the other options set for this group.<br> Auth will "
+                                           "not remove users from this group automatically when they are no longer "
+                                           "authenticated.")
    # Group leaders have management access to this group
    group_leaders = models.ManyToManyField(User, related_name='leads_groups', blank=True,
                                           help_text="Group leaders can process group requests for this group "
@@ -60,6 +69,11 @@ class AuthGroup(models.Model):
    def __str__(self):
        return self.group.name

+    class Meta:
+        permissions = (
+            ("request_groups", u"Can request non-public groups"),
+        )
+

@receiver(post_save, sender=Group)
 def create_auth_group(sender, instance, created, **kwargs):
--- a/groupmanagement/views.py
+++ b/groupmanagement/views.py
@@ -12,6 +12,7 @@ from django.http import Http404
 from groupmanagement.managers import GroupManager
 from groupmanagement.models import GroupRequest
 from authentication.models import AuthServicesInfo
+from authentication.managers import UserState
 from eveonline.managers import EveManager

 import logging
@@ -270,7 +271,14 @@ def groups_view(request):
    logger.debug("groups_view called by user %s" % request.user)
    groups = []

-    for group in GroupManager.get_joinable_groups():
+    group_query = GroupManager.get_joinable_groups()
+
+    if not request.user.has_perm('groupmanagement.request_groups'):
+        # Filter down to public groups only for non-members
+        group_query = group_query.filter(authgroup__public=True)
+        logger.debug("Not a member, only public groups will be available")
+
+    for group in group_query:
        # Exclude hidden
        if not group.authgroup.hidden:
            group_request = GroupRequest.objects.filter(user=request.user).filter(group=group)
@@ -290,6 +298,12 @@ def group_request_add(request, group_id):
                       (request.user, group_id))
        messages.warning(request, "You cannot join that group")
        return redirect('auth_groups')
+    if not request.user.has_perm('groupmanagement.request_groups') and not group.authgroup.public:
+        # Does not have the required permission, trying to join a non-public group
+        logger.warning("User %s attempted to join group id %s but it is not a public group" %
+                       (request.user, group_id))
+        messages.warning(request, "You cannot join that group")
+        return redirect('auth_groups')
    if group.authgroup.open:
        logger.info("%s joining %s as is an open group" % (request.user, group))
        request.user.groups.add(group)